Weak Passwords Significant Situation for Information Security
Even within the wake of warnings and elevated understanding about passwords becoming weak, the situation remains. This was evident inside a current information breach that showed the Social Security numbers and information of more than 280,000 individuals in Utah. The breach of a Utah Medicaid network server was broken into through a default administrative password. This permitted the cyber thieves to bypass the perimeter, network, and application level security measures that had been built in to the well being agency's systems.
With such errors pretty simple to steer clear of, it will continue to surprise specialists that these aren't the very first factor taken care of when attempting to secure a pc network system. But numerous good examples exist. The U.S. Division of Power stated following a security audit in the Bonneville Power Administration, the agency identified 11 servers that had been configured with effortlessly guessable passwords. Having usb encryption will assist a great deal.
4 from the power administration network servers permitted remote customers to gain access and change shared files. An additional server hosted an administrator account was only protected having a default password. The agency has reported and coaxed stronger password protection, particularly inside national security crucial infratstructure like power plants.
The current Global Payments information breach that exposed about 1.5 million charge card account holder's info was most likely accessed through weak authentication controls. And it's also believed that Chinese hackers got in to the U.S. Chamber of Commerce's web site through weak password protection.
Gartner analyst John Pescatore said the Anonymous hacking collective takes advantage of the very human tendency to use the same password for multiple accounts. "A lot of Anonymous' recent success has been in attacks where they have obtained users' passwords to external services and then found the same passwords in use at sensitive internal applications or in email systems," Pescatore said. That is "the curse of the reusable password," he added.
"The truth is, anybody attempting to shield nontrivial assets ought to be utilizing multifactor authentication and/or complementary controls to shield themselves," stated Peter Lindstrom, an analyst with Spire Security. "The password has as well numerous weaknesses, which includes the apparent human ones. At this stage from the IT game," he added, "there is truly no excuse for utilizing default passwords."
With such errors pretty simple to steer clear of, it will continue to surprise specialists that these aren't the very first factor taken care of when attempting to secure a pc network system. But numerous good examples exist. The U.S. Division of Power stated following a security audit in the Bonneville Power Administration, the agency identified 11 servers that had been configured with effortlessly guessable passwords. Having usb encryption will assist a great deal.
4 from the power administration network servers permitted remote customers to gain access and change shared files. An additional server hosted an administrator account was only protected having a default password. The agency has reported and coaxed stronger password protection, particularly inside national security crucial infratstructure like power plants.
The current Global Payments information breach that exposed about 1.5 million charge card account holder's info was most likely accessed through weak authentication controls. And it's also believed that Chinese hackers got in to the U.S. Chamber of Commerce's web site through weak password protection.
Gartner analyst John Pescatore said the Anonymous hacking collective takes advantage of the very human tendency to use the same password for multiple accounts. "A lot of Anonymous' recent success has been in attacks where they have obtained users' passwords to external services and then found the same passwords in use at sensitive internal applications or in email systems," Pescatore said. That is "the curse of the reusable password," he added.
"The truth is, anybody attempting to shield nontrivial assets ought to be utilizing multifactor authentication and/or complementary controls to shield themselves," stated Peter Lindstrom, an analyst with Spire Security. "The password has as well numerous weaknesses, which includes the apparent human ones. At this stage from the IT game," he added, "there is truly no excuse for utilizing default passwords."
About the Author:
Oliver David contributes articles for blogs on topics like hardware authentication and usb protection.
You are receiving this because you signed up for it on 2011-10-03 from IP 203.109.66.181
To fine-tune your selection of which articles to receive, just login here
using your username:
To unsubscribe please use the following link:
Unsubscribe
No comments:
Post a Comment